Add socket authentication

.eslintrc.cjs

@@ -22,6 +22,7 @@ module.exports = {
     },
   },
   rules: {
+    'no-param-reassign': [2, { props: false }],
     'import/extensions': ['error', { ts: 'never', ignorePackages: true }],
     'no-shadow': 'off',
     '@typescript-eslint/no-shadow': ['error'],

client/auth.ts

@@ -0,0 +1,4 @@
+// eslint-disable-next-line import/prefer-default-export
+export function generateToken(username: string, password: string): string {
+  return Buffer.from(`${username}:${password}`).toString('base64')
+}

client/env.ts

@@ -0,0 +1,3 @@
+export const uri = process.env?.SERVER_URI || 'http://localhost:3000'
+export const username = process.env?.RPG_FOR_BOTS_USERNAME || 'foobar'
+export const password = process.env?.RPG_FOR_BOTS_PASSWORD || 'foobar'

client/index.ts

@@ -2,9 +2,14 @@ import { io, Socket } from 'socket.io-client'
 
 import { ClientToServerEvents, ServerToClientEvents } from '../shared/socket'
 
-const uri = process.env?.SERVER_URI || 'http://localhost:3000'
+import { uri, username, password } from './env'
+import { generateToken } from './auth'
 
-const socket: Socket<ServerToClientEvents, ClientToServerEvents> = io(uri)
+const socket: Socket<ServerToClientEvents, ClientToServerEvents> = io(uri, {
+  auth: {
+    token: generateToken(username, password),
+  },
+})
 
 const start = Date.now()
 

server/aurh.ts

@@ -0,0 +1,23 @@
+type Credentials = {
+  username: string
+  password: string
+}
+
+export function parseToken(token: string): Credentials {
+  const [username, password] = Buffer.from(token, 'base64')
+    .toString()
+    .split(':')
+
+  return {
+    username: username ?? '',
+    password: password ?? '',
+  }
+}
+
+export function validateCredentials({
+  username,
+  password,
+}: Credentials): boolean {
+  // TODO: do real validation in the future
+  return username === password
+}

server/env.ts

@@ -0,0 +1,2 @@
+// eslint-disable-next-line import/prefer-default-export
+export const port = +(process.env?.PORT || '') || 3000

server/index.ts

@@ -7,26 +7,51 @@ import {
   SocketData,
 } from '../shared/socket'
 
-const port = +(process.env?.PORT || '') || 3000
+import { port } from './env'
+import { parseToken, validateCredentials } from './aurh'
 
 const server = new Server<
   ClientToServerEvents,
   ServerToClientEvents,
   InterServerEvents,
   SocketData
 >()
-server.listen(port)
+
+server.use((socket, next) => {
+  const credentials = parseToken(socket.handshake.auth?.token || '')
+
+  if (!validateCredentials(credentials)) {
+    console.debug(
+      `[${socket.id}] Invalid credentials for user "${credentials.username}" from ${socket.handshake.address}`,
+    )
+    next(new Error('Invalid credentials'))
+    return
+  }
+
+  socket.data.username = credentials.username
+  next()
+})
 
 server.on('connection', (socket) => {
   console.debug(
     `[${socket.id}] New connection from ${socket.handshake.address}`,
   )
 
+  if (socket.data.username) {
+    console.log(`[${socket.id}] User "${socket.data.username}" came online`)
+  }
+
   socket.on('disconnect', () => {
+    if (socket.data.username) {
+      console.log(`[${socket.id}] User "${socket.data.username}" went offline`)
+    }
+
     console.debug(`[${socket.id}] Connection closed`)
   })
 
   socket.on('ping', (callback) => {
     callback()
   })
 })
+
+server.listen(port)

shared/socket.ts

@@ -9,4 +9,6 @@ export interface ClientToServerEvents {
 export interface InterServerEvents {}
 
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
-export interface SocketData {}
+export interface SocketData {
+  username: string
+}